What is a signature?


This is one of my favourite anecdotes from wordsmith Neil Gaiman:

I'm not quite famous enough to have my autograph plastered all over the Internet - but I do have a JPG copy of my signature stored in a convenient location.

Hand-signed documents - so called "wet signatures" - are a totem. People think that they represent an infallible and unbreakable pact. They don't, of course. So I just paste-in my JPG at the bottom of important documents.

This has only caused me a problem once. I electronically completed a document only to be told that they would only accept hand-signed version. Bollocks to that! I opened the document in a photo editor, rotated it 7 degrees clockwise, and added a paper texture background image. The company accepted it with thanks.

Similarly, I recently had a company tell me they needed a copy of a utility bill to "verify my identity". Like most of the modern world, I only receive bills online. They were happy to accept a screenshot. Now, I'm no artist, but it would be easy for me to digitally manipulate a screenshot or a PDF. So what does it prove?

I suppose I could cryptographically sign my messages. Although I doubt most organisations have the ability to accurately access their authenticity. Heck, I doubt most geeks do, either!

XKCD Comic. It reads "How to use PGP to verify that an email is authentic: look for this text at the top. Begin PGP signed message. If it is there, the email is probably fine."

There are some things people do to sort of validate I am who I say I am.

  • Check I have access to an online account by asking me to post a specific message from it.
  • Check I have access to a physical address by sending me a token in the post.
  • Check I have access to knowledge about my first school, favourite sports team, and other security questions probably known by close family and friend.

They are all quite weak indicators. So we fall back on an inky squiggle that's easy to copy and easy to replicate.

We've reached a weird inflection point with identity. There's very little I can do to prove who I am. There's almost zero things you can do to validate what little proof I can offer.

One thought on “What is a signature?

  1. In Victoria, AU if you don't have a copy of your full birth certificate by the age of 21, it can be very difficult to get one -- if you are under 21, then a parent can help, but not if you reach 21. The births, deaths and marriages department will take "copies" of documents, but the driving license authority (Vic Roads) will not accept any document unless it is a bonafide original; it can't even be a certified copy!

    Ordinarily a certified copy of a document can be done by a member of the local police force or a justice of the peace and it is generally well accepted in place of originals.

    So, if you haven't got a learner's or driver's license for a motor vehicle and you have limited access to proper original documents, then it might be impossible to fix.

    As to electronic signatures, I've always thought it was a joke to accept an image from a computer file as a signature or a rubber stamp of your signature. I think the only valid way with paper documents is to use a pen and sign it in person with a valid witness, anything less is always going to be questionable from a contract perspective.

    Proper electronic signing can be an issue too as anybody can create a GPG key pair for any "email address" they like and if it doesn't pass the web of trust then it will still likely be accepted... and the WOT is flawed in itself as people will sign any old key just like they click okay, okay, okay during an installation and install malware that they were even told about by simply clicking through.

    In the electronic age, you still get asked for a letter head for a business, which most people never have these days. Just about anything can be dodgied up if you need it, especially in the world of PDfs that are over trusted to be bonafide, but they are just a plain old electronic computer file with a source that is easily adjusted in most cases. Photoshopping is also a very real thing. Heck, these days you can't even trust a video with a voice of someone you "know" ... http://www.bbc.com/news/technology-43639704

Leave a Reply

Your email address will not be published. Required fields are marked *